summaryrefslogtreecommitdiffstats
path: root/Tools/ProtoProxy
diff options
context:
space:
mode:
authormadmaxoft <github@xoft.cz>2014-01-25 19:19:37 +0100
committermadmaxoft <github@xoft.cz>2014-01-25 19:19:37 +0100
commit8f1890e877467bd458910e4b7e5d8dcaceb25854 (patch)
tree52c1423f766626dd94bfb948e1f14c480c529313 /Tools/ProtoProxy
parentAdded RSA encryption to crypto wrappers. (diff)
downloadcuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.tar
cuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.tar.gz
cuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.tar.bz2
cuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.tar.lz
cuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.tar.xz
cuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.tar.zst
cuberite-8f1890e877467bd458910e4b7e5d8dcaceb25854.zip
Diffstat (limited to 'Tools/ProtoProxy')
-rw-r--r--Tools/ProtoProxy/CMakeLists.txt18
-rw-r--r--Tools/ProtoProxy/Connection.cpp51
-rw-r--r--Tools/ProtoProxy/Connection.h12
-rw-r--r--Tools/ProtoProxy/Globals.h8
-rw-r--r--Tools/ProtoProxy/Server.cpp8
-rw-r--r--Tools/ProtoProxy/Server.h8
6 files changed, 45 insertions, 60 deletions
diff --git a/Tools/ProtoProxy/CMakeLists.txt b/Tools/ProtoProxy/CMakeLists.txt
index f8a01a134..9e233a688 100644
--- a/Tools/ProtoProxy/CMakeLists.txt
+++ b/Tools/ProtoProxy/CMakeLists.txt
@@ -63,9 +63,11 @@ endif()
# Set include paths to the used libraries:
include_directories("../../lib")
+include_directories("../../lib/polarssl/include")
include_directories("../../src")
+
function(flatten_files arg1)
set(res "")
foreach(f ${${arg1}})
@@ -77,11 +79,11 @@ endfunction()
# Include the libraries:
-file(GLOB CRYPTOPP_SRC "../../lib/cryptopp/*.cpp")
-file(GLOB CRYPTOPP_HDR "../../lib/cryptopp/*.h")
-flatten_files(CRYPTOPP_SRC)
-flatten_files(CRYPTOPP_HDR)
-source_group("CryptoPP" FILES ${CRYPTOPP_SRC} ${CRYPTOPP_HDR})
+file(GLOB POLARSSL_SRC "../../lib/polarssl/library/*.c")
+file(GLOB POLARSSL_HDR "../../lib/polarssl/include/polarssl/*.h")
+flatten_files(POLARSSL_SRC)
+flatten_files(POLARSSL_HDR)
+source_group("PolarSSL" FILES ${POLARSSL_SRC} ${POLARSSL_HDR})
file(GLOB ZLIB_SRC "../../lib/zlib/*.c")
file(GLOB ZLIB_HDR "../../lib/zlib/*.h")
@@ -96,12 +98,14 @@ set(SHARED_SRC
../../src/StringUtils.cpp
../../src/Log.cpp
../../src/MCLogger.cpp
+ ../../src/Crypto.cpp
)
set(SHARED_HDR
../../src/ByteBuffer.h
../../src/StringUtils.h
../../src/Log.h
../../src/MCLogger.h
+ ../../src/Crypto.h
)
set(SHARED_OSS_SRC
../../src/OSSupport/CriticalSection.cpp
@@ -145,8 +149,8 @@ add_executable(ProtoProxy
${SHARED_HDR}
${SHARED_OSS_SRC}
${SHARED_OSS_HDR}
- ${CRYPTOPP_SRC}
- ${CRYPTOPP_HDR}
+ ${POLARSSL_SRC}
+ ${POLARSSL_HDR}
${ZLIB_SRC}
${ZLIB_HDR}
)
diff --git a/Tools/ProtoProxy/Connection.cpp b/Tools/ProtoProxy/Connection.cpp
index b63935f38..510d3645d 100644
--- a/Tools/ProtoProxy/Connection.cpp
+++ b/Tools/ProtoProxy/Connection.cpp
@@ -378,13 +378,13 @@ bool cConnection::RelayFromServer(void)
}
case csEncryptedUnderstood:
{
- m_ServerDecryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
+ m_ServerDecryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
DataLog(Buffer, res, "Decrypted %d bytes from the SERVER", res);
return DecodeServersPackets(Buffer, res);
}
case csEncryptedUnknown:
{
- m_ServerDecryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
+ m_ServerDecryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
DataLog(Buffer, res, "Decrypted %d bytes from the SERVER", res);
return CLIENTSEND(Buffer, res);
}
@@ -423,7 +423,7 @@ bool cConnection::RelayFromClient(void)
case csEncryptedUnknown:
{
DataLog(Buffer, res, "Decrypted %d bytes from the CLIENT", res);
- m_ServerEncryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
+ m_ServerEncryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
return SERVERSEND(Buffer, res);
}
}
@@ -473,13 +473,13 @@ bool cConnection::SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a
-bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer)
+bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer)
{
DataLog(a_Data, a_Size, "Encrypting %d bytes to %s", a_Size, a_Peer);
- const byte * Data = (const byte *)a_Data;
+ const Byte * Data = (const Byte *)a_Data;
while (a_Size > 0)
{
- byte Buffer[64 KiB];
+ Byte Buffer[64 KiB];
int NumBytes = (a_Size > sizeof(Buffer)) ? sizeof(Buffer) : a_Size;
a_Encryptor.ProcessData(Buffer, Data, NumBytes);
bool res = SendData(a_Socket, (const char *)Buffer, NumBytes, a_Peer);
@@ -497,7 +497,7 @@ bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, co
-bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
+bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
{
AString All;
a_Data.ReadAll(All);
@@ -2701,7 +2701,7 @@ bool cConnection::ParseMetadata(cByteBuffer & a_Buffer, AString & a_Metadata)
int Length = 0;
switch (Type)
{
- case 0: Length = 1; break; // byte
+ case 0: Length = 1; break; // Byte
case 1: Length = 2; break; // short
case 2: Length = 4; break; // int
case 3: Length = 4; break; // float
@@ -2860,37 +2860,26 @@ void cConnection::LogMetadata(const AString & a_Metadata, size_t a_IndentCount)
void cConnection::SendEncryptionKeyResponse(const AString & a_ServerPublicKey, const AString & a_Nonce)
{
// Generate the shared secret and encrypt using the server's public key
- byte SharedSecret[16];
- byte EncryptedSecret[128];
+ Byte SharedSecret[16];
+ Byte EncryptedSecret[128];
memset(SharedSecret, 0, sizeof(SharedSecret)); // Use all zeroes for the initial secret
- RSA::PublicKey pk;
- CryptoPP::StringSource src(a_ServerPublicKey, true);
- ByteQueue bq;
- src.TransferTo(bq);
- bq.MessageEnd();
- pk.Load(bq);
- RSAES<PKCS1v15>::Encryptor rsaEncryptor(pk);
- RandomPool rng;
- time_t CurTime = time(NULL);
- rng.Put((const byte *)&CurTime, sizeof(CurTime));
- int EncryptedLength = rsaEncryptor.FixedCiphertextLength();
- ASSERT(EncryptedLength <= sizeof(EncryptedSecret));
- rsaEncryptor.Encrypt(rng, SharedSecret, sizeof(SharedSecret), EncryptedSecret);
- m_ServerEncryptor.SetKey(SharedSecret, 16, MakeParameters(Name::IV(), ConstByteArrayParameter(SharedSecret, 16, true))(Name::FeedbackSize(), 1));
- m_ServerDecryptor.SetKey(SharedSecret, 16, MakeParameters(Name::IV(), ConstByteArrayParameter(SharedSecret, 16, true))(Name::FeedbackSize(), 1));
+ m_Server.GetPrivateKey().Encrypt(SharedSecret, sizeof(SharedSecret), EncryptedSecret, sizeof(EncryptedSecret));
+
+ m_ServerEncryptor.Init(SharedSecret, SharedSecret);
+ m_ServerDecryptor.Init(SharedSecret, SharedSecret);
// Encrypt the nonce:
- byte EncryptedNonce[128];
- rsaEncryptor.Encrypt(rng, (const byte *)(a_Nonce.data()), a_Nonce.size(), EncryptedNonce);
+ Byte EncryptedNonce[128];
+ m_Server.GetPrivateKey().Encrypt((const Byte *)a_Nonce.data(), a_Nonce.size(), EncryptedNonce, sizeof(EncryptedNonce));
// Send the packet to the server:
Log("Sending PACKET_ENCRYPTION_KEY_RESPONSE to the SERVER");
cByteBuffer ToServer(1024);
ToServer.WriteByte(0x01); // To server: Encryption key response
- ToServer.WriteBEShort(EncryptedLength);
- ToServer.WriteBuf(EncryptedSecret, EncryptedLength);
- ToServer.WriteBEShort(EncryptedLength);
- ToServer.WriteBuf(EncryptedNonce, EncryptedLength);
+ ToServer.WriteBEShort((short)sizeof(EncryptedSecret));
+ ToServer.WriteBuf(EncryptedSecret, sizeof(EncryptedSecret));
+ ToServer.WriteBEShort((short)sizeof(EncryptedNonce));
+ ToServer.WriteBuf(EncryptedNonce, sizeof(EncryptedNonce));
SERVERSEND(ToServer);
m_ServerState = csEncryptedUnderstood;
m_IsServerEncrypted = true;
diff --git a/Tools/ProtoProxy/Connection.h b/Tools/ProtoProxy/Connection.h
index abb8b6cd0..5e4f8cd7b 100644
--- a/Tools/ProtoProxy/Connection.h
+++ b/Tools/ProtoProxy/Connection.h
@@ -62,14 +62,12 @@ public:
void LogFlush(void);
protected:
- typedef CFB_Mode<AES>::Encryption Encryptor;
- typedef CFB_Mode<AES>::Decryption Decryptor;
-
+
cByteBuffer m_ClientBuffer;
cByteBuffer m_ServerBuffer;
- Decryptor m_ServerDecryptor;
- Encryptor m_ServerEncryptor;
+ cAESCFBDecryptor m_ServerDecryptor;
+ cAESCFBEncryptor m_ServerEncryptor;
AString m_ServerEncryptionBuffer; // Buffer for the data to be sent to the server once encryption is established
@@ -111,10 +109,10 @@ protected:
bool SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a_Peer);
/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
- bool SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer);
+ bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer);
/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
- bool SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
+ bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
/// Decodes packets coming from the client, sends appropriate counterparts to the server; returns false if the connection is to be dropped
bool DecodeClientsPackets(const char * a_Data, int a_Size);
diff --git a/Tools/ProtoProxy/Globals.h b/Tools/ProtoProxy/Globals.h
index 7415c9e62..547903e7a 100644
--- a/Tools/ProtoProxy/Globals.h
+++ b/Tools/ProtoProxy/Globals.h
@@ -74,6 +74,8 @@ typedef unsigned long long UInt64;
typedef unsigned int UInt32;
typedef unsigned short UInt16;
+typedef unsigned char Byte;
+
@@ -223,12 +225,8 @@ public:
-#include "cryptopp/randpool.h"
-#include "cryptopp/aes.h"
-#include "cryptopp/rsa.h"
-#include "cryptopp/modes.h"
+#include "../../src/Crypto.h"
-using namespace CryptoPP;
diff --git a/Tools/ProtoProxy/Server.cpp b/Tools/ProtoProxy/Server.cpp
index 71b5ecb94..bb042b259 100644
--- a/Tools/ProtoProxy/Server.cpp
+++ b/Tools/ProtoProxy/Server.cpp
@@ -34,12 +34,8 @@ int cServer::Init(short a_ListenPort, short a_ConnectPort)
#endif // _WIN32
printf("Generating protocol encryption keypair...\n");
- time_t CurTime = time(NULL);
- RandomPool rng;
- rng.Put((const byte *)&CurTime, sizeof(CurTime));
- m_PrivateKey.GenerateRandomWithKeySize(rng, 1024);
- RSA::PublicKey pk(m_PrivateKey);
- m_PublicKey = pk;
+ m_PrivateKey.Generate();
+ m_PublicKeyDER = m_PrivateKey.GetPubKeyDER();
m_ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
sockaddr_in local;
diff --git a/Tools/ProtoProxy/Server.h b/Tools/ProtoProxy/Server.h
index e69dbb5e0..85f817a4d 100644
--- a/Tools/ProtoProxy/Server.h
+++ b/Tools/ProtoProxy/Server.h
@@ -17,8 +17,8 @@
class cServer
{
SOCKET m_ListenSocket;
- RSA::PrivateKey m_PrivateKey;
- RSA::PublicKey m_PublicKey;
+ cRSAPrivateKey m_PrivateKey;
+ AString m_PublicKeyDER;
short m_ConnectPort;
public:
@@ -27,8 +27,8 @@ public:
int Init(short a_ListenPort, short a_ConnectPort);
void Run(void);
- RSA::PrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
- RSA::PublicKey & GetPublicKey (void) { return m_PublicKey; }
+ cRSAPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
+ const AString & GetPublicKeyDER (void) { return m_PublicKeyDER; }
short GetConnectPort(void) const { return m_ConnectPort; }
} ;